Re: [ISN] Cert warns of automated attacks

From: InfoSec News (isnat_private)
Date: Sat Apr 13 2002 - 01:01:10 PDT

    Forwarded from: security curmudgeon <jerichoat_private>
    cc: certat_private
    
    Random comments from the peanut gallery. I'm tired and grumpy, so bear
    with me.
    
    > http://www.vnunet.com/News/1130755
    > 
    > By James Middleton [09-04-2002]
    > 
    > Hacking tools are becoming increasingly sophisticated
    > 
    > The Computer Emergency Response Team (Cert) has released a report
    > pinpointing the six fastest evolving trends in the black hat world
    > of internet security.
    > 
    > The organisation, which has been monitoring hacker activity since
    > 1998, found that the most notable trend to evolve over recent years
    > is the automation and speed of attack tools.
    
    CERT has been around for over a decade, and they are monitoring
    'hacker activity' for only the last five? Jeez, either that is serious
    errata or CERT is full of slackers that overlooked a key part of their
    function.
    
    > Although widespread scanning over the internet has been common since
    > 1997, today's tools are set to maximise impact and speed.
    > 
    > Freely available attack tools now exploit vulnerabilities as part of
    > the scanning process and are capable of self-initiating new attacks
    > on a well-managed and co-ordinated global scale.
    
    "now"? This has been going on a lot longer than people realize or
    admit. ADM did a proof of concept 'worm' that hit 1 or 2 Linux vulns
    that spread for a while some 3+ years ago.
    
    > Public communications protocols such as IRC and Instant Messenger
    > have now become popular methods for co-ordinating attack tools.
    
    This warning, and the last about "social engineering over irc!!"
    really do cry out "we're desperate for attention". Remote root
    vulnerabilities flying across Bugtraq left and right, while CERT is
    resigning itself to pure shit advisories. Why?
    
    > The increasing permeability of firewalls is also posing a problem,
    > as security is being sacrificed to convenience. More technologies
    > are being designed to bypass firewalls, such as IPP (the Internet
    > Printing Protocol) and WebDAV (Web-based Distributed Authoring and
    > Versioning).
    
    Let's see here..
    
    IPP: RFC 2568, by S. Zilles of Adobe Systems Inc.
    WebDAV: RFC 2518, by Microsoft, UC Irvine, Netscape, Novell
    
    Adobe, who likes to forego security in favor of litigating.. and then
    we have Microsoft and others.
    
    And don't forget SOAP!!
    
    Anyone else remember the SOAP "documentation"?
    
    "Currently, developers struggle to make their distributed applications
    work across the Internet when firewalls get in the way.  Since most
    firewalls block all but a few ports, such as the standard HTTP port
    80, all of today's distributed object protocols like DCOM suffer.."
    
    I love it when these companies with big security initiatives are
    behind entire protocols designed to bypass firewalls. Funny that CERT
    doesn't mention the culprits of these protocols. Oh yeah, they are
    sissies. Never mind.
    
    > Analyst firm Computer Economics recently estimated that the total
    > economic impact of Code Red was $2.6bn, and that SirCam cost another
    > $1.3bn. The 11 September attacks will cost around $15.8bn to restore
    > IT and communication infrastructure.
    
    Oh great firm to quote. "Computer Economics", the company that has
    absolutely ZERO economists on their staff. Jeez.
    
    I bet they are sure experts on all things related to economics.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Apr 13 2002 - 03:19:19 PDT